
Institute of Information Systems, Humboldt University, 2006· Privacy Engineering Sarah Spiekermann & Lorrie Faith Cranor DIMACS Workshop, Rutgers University.


1 Privacy Engineering. Sarah Spiekermann & Lorrie Faith Cranor. DIMACS Workshop, Rutgers University, January 2007

2 Agenda
– Privacy threats arising through IS activities
– User privacy concerns and 2 layers of responsibility for privacy engineers
– "Privacy by Policy" vs. "Privacy by Architecture"
– Designing privacy by architecture: client centricity, identifiability
– Forms of trust created through Fair Information Practices
– Implementing Fair Information Practices
– Recognizing responsibility for data sharing networks

3 User Privacy Concerns and 2 Layers of Responsibility for Privacy Engineers
2-Layer Responsibility Framework (figure): Layer I covers the client side up to the network edge, where the user concern is access control; Layer II covers the service edge and the data recipient, where the user concern is control of the personal data collected.
IS activities with regards to personal data: collection, processing, storage, transfer.
User privacy concerns raised by these activities: unauthorized collection, unauthorized execution, attention/inflow of data, exposure, improper access, errors, combining data, reduced judgments, internal unauthorized 2nd use, external unauthorized 2nd use.

4 Fair Information Practices are the typical short-cut approach to privacy engineering.
(1) Notice: Data collectors should provide consumers with clear and conspicuous notice of their information practices, including what information they collect, how they collect it (e.g., directly or through non-obvious means such as cookies), how they use it, how they provide Choice, Access, and Security to consumers, whether they disclose the information collected to other entities, and whether other third parties besides themselves are collecting information about consumers as part of the service.
(2) Choice: Data collectors should offer consumers choices as to how their personal identifying information is used beyond the use for which the information was provided (e.g., to consummate a transaction). Such choice would encompass both internal secondary uses (such as marketing back to consumers) and external secondary uses (such as disclosing data to other entities).
(3) Access: Data collectors should offer consumers reasonable access to the information which is collected about them, including a reasonable opportunity to review information and to correct inaccuracies or delete information.
(4) Security: Data collectors should take reasonable steps to protect the security of the information they collect from consumers.


6 "Privacy by Policy" vs. "Privacy by Architecture"
Figure: privacy friendliness increases along two axes: from identified data collection towards non-identified data collection, and from a network-centric architecture towards a client-centric architecture. Privacy by Policy is achieved through FIPs; Privacy by Architecture is achieved through the design choices on these two axes.

7 Designing Privacy by Architecture: Client Centricity
Figure: Network centricity: the client sends requests to services that run in the network. Client centricity: the services run on the client, so requests are handled locally.

8 Designing Privacy by Architecture: Identifiability
Identification continuum (the system's privacy friendliness increases from stage 0 to stage 3):

Stage 0 – identified (privacy by policy)
  Strategic linkability choice: linked
  System characteristics: unique identifiers across databases; contact information stored with profile information
  Necessity to provide for FIPs: yes

Stage 1 – pseudonymous (privacy by policy)
  Strategic linkability choice: linkable with reasonable and automatable effort
  System characteristics: no unique identifiers across databases; common attributes across databases; contact information stored separately from profile or transaction information
  Necessity to provide for FIPs: yes

Stage 2 – pseudonymous (privacy by architecture)
  Strategic linkability choice: not linkable with reasonable effort
  System characteristics: no unique identifiers across databases; no common attributes across databases; random identifiers; contact information stored separately from profile or transaction information; collection of long-term person characteristics on a low level of granularity; technically enforced deletion of profile details at regular intervals
  Necessity to provide for FIPs: no

Stage 3 – anonymous (privacy by architecture)
  Strategic linkability choice: unlinkable
  System characteristics: no collection of contact information; no collection of long-term person characteristics; k-anonymity with large value of k
  Necessity to provide for FIPs: no
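The step from stage 2 to stage 3 in the table above (coarse-grained person characteristics versus k-anonymity with a large k) can be made measurable. The following is an added example, not code from the talk or its authors: it computes k for a constructed set of profile records over assumed quasi-identifier fields (ZIP and age), then shows how reducing granularity raises k. The threshold for "large k" is an assumption passed in by the caller.

```python
from collections import Counter

# Constructed sample profile records (no contact information stored, as
# stage 2/3 of the continuum requires). ZIP and age are quasi-identifiers:
# harmless alone, but their combination can single out a person.
RECORDS = [
    {"zip": "10115", "age": 34, "illness": "flu"},
    {"zip": "10117", "age": 36, "illness": "cold"},
    {"zip": "10119", "age": 38, "illness": "flu"},
    {"zip": "10243", "age": 41, "illness": "asthma"},
    {"zip": "10245", "age": 47, "illness": "flu"},
    {"zip": "10247", "age": 49, "illness": "cold"},
]

QUASI_IDS = ("zip", "age")  # assumed quasi-identifier fields


def k_anonymity(records, quasi_ids):
    """Return k: the size of the smallest group of records that share
    the same quasi-identifier values. k == 1 means some record is unique
    on its quasi-identifiers and can be re-identified by linking."""
    groups = Counter(tuple(r[q] for q in quasi_ids) for r in records)
    return min(groups.values()) if groups else 0


def generalize(records, zip_digits=3, age_bucket=10):
    """Collect person characteristics on a lower level of granularity:
    keep only a ZIP prefix and replace the exact age by an age range."""
    coarse = []
    for r in records:
        g = dict(r)
        g["zip"] = r["zip"][:zip_digits] + "*" * (len(r["zip"]) - zip_digits)
        lo = (r["age"] // age_bucket) * age_bucket
        g["age"] = f"{lo}-{lo + age_bucket - 1}"
        coarse.append(g)
    return coarse


def identification_stage(records, quasi_ids, min_k):
    """Distinguish stage 2 (pseudonymous, coarse characteristics) from
    stage 3 (anonymous) of the continuum, assuming no contact information
    is collected. min_k is the caller's definition of a "large" k."""
    return 3 if k_anonymity(records, quasi_ids) >= min_k else 2


if __name__ == "__main__":
    print("raw k =", k_anonymity(RECORDS, QUASI_IDS))
    print("generalized k =", k_anonymity(generalize(RECORDS), QUASI_IDS))
```

On the raw records every ZIP/age pair is unique (k = 1); after truncating ZIP to three digits and bucketing age into decades, each record shares its quasi-identifiers with two others (k = 3).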

9 Fair Information Practices create Knowledge-based Trust
– Knowledge-based trust: the more someone knows about somebody else, the more behavior becomes predictable and understandable.
– Structural assurance: safety nets, legal recourse, guarantees.
– Calculative trust: rational assessment of the other party's benefits and costs of cheating.
Mechanisms: Fair Information Practices; Privacy Policies & Agents (e.g. Privacy Bird); Privacy Seals (e.g. TRUSTe).

10 Implementing Fair Information Practices: Information About What?
User concern – notice should be given about…

Marketing practices
– Combining data: notice about data combination practices. External data purchases? Linking practices?
– Reduced judgment: notice about segmentation practices. Type of judgments made? Personalization done? What does personalization lead to for the customer? Sharing of segmentation information?
– Future attention consumption: contact plans (e.g. through newsletters, SMS).

IS practices
– External unauthorized transfer: is data shared outside the initial data recipient? If yes, with whom is data shared?
– External unauthorized processing: is data processed externally for other purposes than initially specified? If yes, for what purposes?
– Internal unauthorized transfer: is data transferred within a company conglomerate? If yes, with whom within the conglomerate?
– Internal unauthorized processing: is data processed internally for other purposes than initially specified? If yes, for what purposes?
– Unauthorized collection of data from client: use of re-identifiers (e.g. cookies, stable IP address, phone number, EPC); collection of information about device nature (e.g. browser, operating system, phone type); collection of information from the device (e.g. music library, cache information).
– Unauthorized execution of operations on client: installation of software? Updates?
– Exposure: cached information (e.g. browser caches, document histories); collection of information from the device (e.g. music library, cache information).

11 Recognizing Responsibility for Data Sharing Networks (I)
Figure: parties in the data sharing network around the main user: secondary user; application/system provider; access provider; 3rd-party content/service provider; 3rd-party peers; 3rd-party external parties (government, litigation-related parties). Legend: data sharing always exists; data sharing could exist.

12 Recognizing Responsibility for Data Sharing Networks (II)
Figure: matrix of parties (system provider, network provider, service provider, 3rd parties/peers) against the same parties, where a marked cell (X, Y) means "Party X should inform about party Y".

13 Thank you for your attention! For more information, please contact the authors: Sarah Spiekermann, Humboldt University Berlin, sspiek@wiwi.hu-berlin.de; Lorrie Faith Cranor, Carnegie Mellon University, lorrie@cs.cmu.edu

